
Best Practices Managing Kubernetes Using Terraform

Kubernetes has continued to influence the tech space with its flexibility and portability in container orchestration. With that growth has come an increasing need to connect, configure, and manage Kubernetes with other tools and resources of your choice. This has brought about the creation of more automation products, infrastructure, and features to satisfy this need.

Terraform is one of the tools offering the best way to manage and configure Kubernetes. It is a popular and commonly used infrastructure-as-code product that includes a connector to Kubernetes, aptly called Kubernetes provider.

Terraform, in comparison with other similar tools, stands out because of its ability to provision infrastructure using templates. The templates are created by describing the resources that will make up your infrastructure before deploying it. With Terraform, you describe the details of your infrastructure as code and Terraform subsequently handles the provisioning.

While Terraform allows you to script your infrastructure, other tools like Ansible are configuration management tools: they help automate the configuration of software and systems on infrastructure that has already been provisioned.

Let’s take a look at why Terraform is a good tool for provisioning Kubernetes clusters:

  1. Terraform allows the user to maintain Kubernetes cluster definitions in the code.
  2. It uses the same declarative syntax for the lower underlying infrastructure provisioning.
  3. With Terraform, you can modify your Kubernetes clusters through variables.
  4. It has a dry-run feature for modifications made to a Kubernetes cluster before any changes are applied.
  5. One important benefit of Terraform is its ability to use the same configuration language for provisioning Kubernetes and deploying the applications into it.
  6. With Terraform, only a single command is required to create, update, and delete pods and resources without the need to check APIs that’ll identify these resources.
  7. Terraform acknowledges the relationships between resources and also modularizes the infrastructure in the code.
  8. Terraform shortens product delivery time, as it helps with disaster recovery time and release issues.

Having talked about the benefits of Terraform for Kubernetes, next, we’ll move on to learning a little more about how it works.

It is important to note that the Terraform Kubernetes provider does not build and deploy Kubernetes clusters; it requires the Kubernetes cluster to be running before it can be used. To understand a bit more about how the Terraform Kubernetes provider works, we’ll take a look at a use case.

A Use Case Of The Terraform Kubernetes Provider

The best way to work with the Terraform Kubernetes provider is to configure the provider by creating a namespace, then deploy the application in a pod, and finally expose the pod to the users as a service. To do all of this, you need to have your Kubernetes cluster up and running. We have explained the steps below:

Step 1: Configure Our Kubernetes Provider

The first step in using the Terraform Kubernetes provider is configuration. To do that, we’re going to create a configuration file at ~/.kube/config. Then we declare the provider in our Terraform configuration with the code block below:


provider "kubernetes" {
   host = "https://0.0.0.0"
}

Step 2: Deploy The Pod

Terraform provisions a pod in which Kubernetes manages the containers. A pod usually contains one or more containers that are scheduled on cluster nodes based on the memory available.

Here, we’ll use Terraform to create our pod, while we expose port 80 to the users:


resource "kubernetes_pod" "example" {
  metadata {
    name = "example-test"
    labels = {
      App = "example"
    }
  }

  spec {
    container {
      image = "example/http-echo:0.1.0"
      name  = "example-test"

      port {
        container_port = 80
      }
    }
  }
}

Step 3: Expose The Pod With A Service

The next step after our pod is created is to expose it to users by provisioning a service. The service manages the relationship between the load balancer and the pod.


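resource "kubernetes_service" "example" {
  metadata {
    name = "example-test"
  }

  spec {
    # Route traffic to pods carrying the label set on kubernetes_pod.example.
    selector = {
      App = kubernetes_pod.example.metadata[0].labels.App
    }

    port {
      port        = 80
      target_port = 80
    }

    type = "LoadBalancer"
  }
}

# With Kubernetes provider 2.x, read the address from
# status[0].load_balancer[0].ingress[0].ip instead.
output "load_balancer_ip" {
  value = kubernetes_service.example.load_balancer_ingress[0].ip
}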

In addition to defining the service, this Terraform configuration specifies an output that prints the IP of the load balancer to make it easy for the operator to access it.

Step 4: Verify That The Application Is Working

Having done all the necessary configurations, it’s imperative that we verify that everything we did actually works. We can verify that the application is running by using curl from the terminal:


$ curl -s $(terraform output load_balancer_ip)

Now, open your favorite browser and enter the IP address. If everything worked as it should, you should see your welcome page.

Configurations passed into the container instances use config_map, which is not a good way to handle anything sensitive. If you need to have sensitive information, such as passwords, in your container instances, and you don’t necessarily want to expose them to the entire cluster, the Terraform Kubernetes provider has a resource called kubernetes_secret.

kubernetes_secret creates a secret resource (by default) and makes the resource available to any pod in that namespace.

Example Of kubernetes_secret


resource "kubernetes_secret" "example" {
  metadata {
    name = "example-test"
  }

  data = {
    username = "admin"
    password = "GuessPassword"
  }

  type = "kubernetes.io/basic-auth"
}

An existing secret can then be imported into Terraform by running the command below in your terminal:


$ terraform import kubernetes_secret.example default/my-secret
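
The same kind of secret with the credentials taken out of the configuration, as an added example (not code from the original post): literal values in `data` are committed along with the code, so here they arrive as input variables, the secret lives in its own namespace, and a pod in that namespace reads a single key from it. The resource names, variable names and `BASIC_AUTH_PASSWORD` are assumptions, and `sensitive = true` needs Terraform 0.14 or later.

```hcl
# Added example: every name below is an assumption, not part of the original post.
variable "basic_auth_username" { type = string }

variable "basic_auth_password" {
  type      = string
  sensitive = true # Terraform 0.14+: redacts the value in plan/apply output
}

# A secret can only be referenced by pods in its own namespace.
resource "kubernetes_namespace" "example" {
  metadata { name = "example" }
}

resource "kubernetes_secret" "basic_auth" {
  metadata {
    name      = "example-basic-auth"
    namespace = kubernetes_namespace.example.metadata[0].name
  }
  type = "kubernetes.io/basic-auth"

  # Values come from variables, never from literals committed with the code.
  data = {
    username = var.basic_auth_username
    password = var.basic_auth_password
  }
}

resource "kubernetes_pod" "example_with_secret" {
  metadata {
    name      = "example-with-secret"
    namespace = kubernetes_namespace.example.metadata[0].name
  }
  spec {
    container {
      image = "example/http-echo:0.1.0"
      name  = "example-with-secret"

      # Inject only the one key this container needs.
      env {
        name = "BASIC_AUTH_PASSWORD"
        value_from {
          secret_key_ref {
            name = kubernetes_secret.basic_auth.metadata[0].name
            key  = "password"
          }
        }
      }
    }
  }
}
```

Terraform still records the secret's data in its state file in plaintext, so the state backend needs encryption and restricted access. Supply the password through the `TF_VAR_basic_auth_password` environment variable or a secrets manager rather than a committed `.tfvars` file.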

Terraform directly provisions Storage and Persistent Volumes. Best practice, however, is to provision a Storage Class with Terraform (for all volumes) and let Kubernetes manage the volumes. This is also important for scalability and control.

Conclusion

Terraform makes it easy to manage Kubernetes clusters and Kubernetes resources effectively. It gives organizations the opportunity to work with infrastructure-as-code, management of cloud platforms, and also the opportunity to create modules for self-service infrastructure. Terraform Kubernetes provider gives organizations all the required tools necessary to manage Kubernetes clusters in the environment.

To learn more about Terraform Kubernetes Provider, take a look at this: Managing Kubernetes with Terraform.

TL;DR

  • Terraform is one of the tools offering the best way to manage and configure Kubernetes. It is a popular and commonly used infrastructure-as-code product that includes a connector to Kubernetes called Kubernetes provider.
  • Kubernetes has continued to influence the tech space with its flexibility and portability in container orchestration. And, with its continuous expansion, there has been an increasing need to connect, configure, and manage Kubernetes with other tools and resources.
  • The best way to work with (or interact with) the Terraform Kubernetes provider is to configure the provider by creating a namespace, then deploy the application in a pod, and finally expose the pod to the users as a service.
  • Terraform makes it easy to manage Kubernetes clusters and Kubernetes resources effectively. It gives organizations the opportunity to work with infrastructure-as-code, manage cloud platforms, and also the opportunity to create modules for self-service infrastructure.


Adeyemo Qudus

May 18, 2020